STSSessionToken uses the GetSessionToken API to retrieve a temporary session token.

## Output Keys and Values

| Key               | Description                                                                         |
|-------------------|-------------------------------------------------------------------------------------|
| access_key_id     | The access key ID that identifies the temporary security credentials.               |
| secret_access_key | The secret access key that can be used to sign requests.                            |
| session_token     | The token that users must pass to the service API to use the temporary credentials. |
| expiration        | The date on which the current credentials expire.                                   |

## Authentication

You can choose from one authentication mechanisms:

* static credentials using `spec.auth.secretRef`

_Note_: STSSessionToken uses GetSessionToken API. This API can _only_ be used by long-term credentials such as an id + key.
Therefore, it is only usable with a secretRef for authentication.

## Request Parameters

The following request parameters can be provided:

- duration seconds -> can specify the TTL of the generated token
- serial number -> define the serial number of the MFA device used by the user
- token code -> possible code generated by the above-referenced MFA device

## Example Manifest

```yaml
{% include 'generator-sts.yaml' %}
```

Example `ExternalSecret` that references the STS Session Token generator:
```yaml
{% include 'generator-sts-example.yaml' %}
```